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5 (57) Abstract: A method of masking the identity of a purchaser (30) during a credit transaction. Hie method includes the steps of 
establishing an alias credit account associated with the purchaser. The alias credit account includes an alias name and alias account 
number. The purchaser buys a selected item by utilizing the alias credit account The alias account is then verified as a valid account 

^ having adequate credit to purchase the selected item. Next, the alias account is associated with the purchaser. The selected item 

J>. may then be delivered to an alias address allowing pickup of the selected item by the purchaser or to his home address without the 

^ merchant knowing the purchaser's home address or the shipper knowing the nature of the item. 



WO 01/43084 PCT/USOO/42592 

METHOD OF MASKING THE IDENTITY OF A PURCHASER DURING A 

CREDIT TRANSACTION 

5 TECHNICAL FIELD 

This invention relates to credit transactions, and more particularly, to a method of 
masking the identity of a purchaser during a credit transaction. 

BACKGROUND ART 

1 0 The use of credit cards has increased tremendously over the last few years. However, 

the popularity of credit cards has not completely translated to the Internet. Recent polls 
indicate that most people are reluctant to purchase anything via the Internet due to concerns 
over lack of privacy when using a credit card through the Internet. There are several problems 
associated with the use of a credit card, whether over the Internet, a telephone, via mail, or 

15 even in person. During a credit card transaction, several parties (e.g., the merchant, a credit 
card issuer, and various financial institutions) may know the name, credit card number, billing 
address, and shipping address of a buyer. The merchant is also able to collect a detailed list 
of the items the buyer has purchased. It is a common practice for the merchants, credit card 
issuers, and financial institutions to sell this information to marketing firms. This information 

20 may be linked to other databases to form vast databases detailing personal information on a 
large amount of people. This collection and transfer of information results in a large amount 
of unwanted solicitations, such as junk mail and telephone solicitations. 

Identity theft is another serious problem resulting from using a credit card, especially 
over the Internet. Identity theft accounts for over SI 00 million lost each year. Studies also 

25 indicate that the crime of identity theft is on the rise. Identity theft occurs when a thief obtains 
the credit card number and name of an individual. With this information, the thief can request 
and receive other credit cards and other forms of identification associated with the individual. 
In essence, the thief "steals" the identity of the individual. The theft of the individual's 
identity can result in ruined credit, bill collector harassment, criminal records and mixed up 

30 identities for the innocent credit card user. 

Lack of privacy is perceived to be especially acute by the consumer when using a 
credit card over the Internet. Therefore, many consumers are reluctant to purchase items over 
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the Internet, resulting in billions of dollars of lost sales. Improved privacy is necessary to 
increase credit card sales, especially over the Internet. 

Although there are no known prior art teachings of a solution to the aforementioned 
deficiency and shortcoming such as that disclosed herein, prior art references that discuss 
5 subject matter that bears some relation to matters discussed herein are U.S. Patent Number 
4,055,746 to Peterson (Peterson), U.S. Patent Number 5,224, 1 62 to Okamoto et al. (Okamoto), 
U.S. Patent Number 5,420,926 to Low et al. (Low), and U.S. Patent Number 5,889,862 to 
Ohtaet al. (Ohta). 

Peterson discloses a method of securely using a credit card by utilizing a card having 

1 0 a plurality of ferromagnetic elements, capable of storing binary indicia, sandwiched between 
thin sheets of a non-magnetic material. Adopted names are provided on two faces and four 
edges of the card to provide security. The card may be inserted into a computer in any one of 
eight ways. When the proper adopted name is selected, the stored information on the card is 
released. The card owner knows the adopted name while an imposter has only one chance in 

15 eight of properly inserting and using the card. However, Peterson does not teach or suggest 
a parallel anonymous credit card account associated with an existing credit card account. 
Additionally, Peterson does not solve the privacy problems associated with credit card 
transactions. Peterson also suffers from the disadvantage of requiring a complex new type of 
credit card for use in transactions. 

20 Okamoto discloses an electronic cash system utilizing a blind signature system in 

which a user has electronic cash and a license issued by a bank showing that the user is entitled 
to use the electronic cash. The user presents to a store the electronic cash, information 
containing the license, and a composite number which is the product of at least two prime 
numbers. The store checks the validity of the license and the composite number, and if they 

25 are valid, prepares and offers an inquiry to the user. In reply to the inquiry, the user computes 
a power residue of a desired function using the composite number as a modulus and shows it 
as a response to the store. The store then verifies the validity of the response through the 
utility of the composite number, and, if valid, acknowledges the payment with electronic cash 
of the amount of money to be used. However, Okamoto does not teach or suggest a parallel 

30 anonymous credit card system. Okamoto merely discloses utilizing a complicated blind 
signature system which requires complex calculations by both the card user and the bank 
during any transaction. 

-2- 
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Low discloses a method of performing credit card transactions without disclosing the 
subject matter of the transaction to the institution providing the credit card. The method 
includes the use of a communications exchange so that information and funds may be 
transferred without the destination for the transfer knowing the source of the information or 
5 funds and the use of public key encryption so that each party to the transaction and the 
communications exchange can read only the information the party or the exchange needs for 
its role in the transaction. However, Low does not teach or suggest associating an anonymous 
credit card account with an existing credit card account. Additionally, Low suffers from the 
disadvantage of requiring two banks to implement and use the system, resulting in higher 
10 transaction costs. 

Ohta discloses a method of implementing traceable electronic cash. A user sends both 
public and secret information with his real name to a bank. The bank recognizes the user's 
identity and generates a pseudonym of the user. The bank uses a signature function to attach 
a signature to information composed of the public information and sends the user the signed 
15 information with a license. The user generates authentication information and sends the 
authentication to the bank, using a blind signature system. If the user abuses the electronic 
cash, the bank files a court order to reveal the correspondence between the real name and 
pseudonym of the user and trace the electronic cash spent. However, Ohta does not teach or 
suggest implementing a parallel anonymous credit card account associated with an existing 
20 accounting. Ohta also requires utilizing a blind signature scheme which is complex and 
expensive to implement. 

Review of each of the foregoing references reveals no disclosure or suggestion of a 
method as that described and claimed herein. Thus, it would be a distinct advantage to have 
a method which provides a simple and inexpensive way of masking the identity of a credit user 
25 during a credit transaction. It is an object of the present invention to provide such a method. 

DISCLOSURE OF INVENTION 

In one aspect, the present invention is a method of masking a true identity of a purchaser 
during a credit transaction. The method begins by establishing an alias credit account 
30 associated with the purchaser. The alias credit account masks the true identity of the purchaser 
by displaying only alias information. Next, the purchaser conducts a credit transaction by 
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buying a selected item using the alias credit account. The alias credit account is then 
associated with the purchaser. 

In another aspect, the present invention is a method of conducting an anonymous credit 
card transaction by a purchaser. The method begins by the purchaser ordering a selected item. 
5 The purchaser utilizes an alias credit account having alias information of the purchaser. The 
alias credit account is associated with a core account having a real identity of the purchaser. 
Next, a credit transaction for the selected item is authorized, and the selected item is then sent 
to the purchaser. 

In still another aspect, the present invention is a method of masking a true identity of 

10 a purchaser during a credit transaction. The method starts by establishing an alias credit 
account associated with the purchaser. The alias credit account includes an alias name 
masking the true identity of the purchaser and may also include an alias account number, an 
alias address, and an alias Personal Identification Number (PIN). The purchaser then conducts 
a credit card transaction to purchase a selected item using the alias credit account. The alias 

15 account is then verified as a valid credit account, and it is verified that sufficient credit is 
available to purchase the selected item. The alias credit account is associated with a core 
account displaying the true identity of the purchaser. The core account is then debited for the 
credit card transaction. 

In another aspect the present invention is a method of masking a true identity of an 

20 individual requiring a credit status report to complete a transaction. The method begins by the 
individual establishing an alias account. Next, the individual conducts the transaction 
requiring a credit status report using the alias account. The financial institution then requests 
the credit status report. The alias account is associated with the individual. Next, the credit 
status report is sent to the financial institution. 

25 In another aspect, the present invention is a method of masking a true identity of an 

individual during a transfer of medical records of the individual from a first health care 
provider to a second health care provider. The method begins by transferring the medical 
records to a service organization. Next, the true identity of the individual is masked on the 
medical records by the service organization. The service organization then transfers the 

30 masked medical records to the second health care provider. 
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BRIEF DESCRIPTION OF DRAWINGS 

The invention will be better understood and its numerous objects and advantages will 
become more apparent to those skilled in the art by reference to the following drawings, in 
conjunction with the accompanying specification, in which: 
5 FIG. 1 (Prior art) is a block diagram illustrating existing credit card transactions; 

FIG. 2 is a block diagram illustrating a credit card transaction of a purchaser utilizing 
an alias account in accordance with the teachings of the present invention; 

FIGs. 3A and 3B are flow charts outlining the steps for processing a credit card 
transaction utilizing an alias account in the preferred embodiment of the present invention; 
10 FIGs. 4 A and 4B are flow charts outlining the steps for processing an alias credit card 

transaction though the alias account facilitator in an alternate embodiment of the present 
invention; 

FIGs. 5A and 5B are flow charts outlining the steps for processing a alias credit card 
transaction though the alias account facilitator 52 acting as an Independent Service 
15 Organization (ISO) in an alternate embodiment of the present invention; 

FIGs. 6A and 6B are flow charts outlining the steps for establishing an alias account 
by the purchaser having an existing account in the preferred embodiment of the present 
invention; 

FIGs. 7 A, 7B, and 7C are flow charts outlining the steps for establishing an alias 
20 account by the purchaser requiring a primary core account in the preferred embodiment of the 
present invention; 

FIG. 8 is a top level block diagram illustrating a system configuration of an alias 
account system in the preferred embodiment of the present invention; 

FIG. 9 is a diagram of high level information transfer by the alias account system in 
25 the preferred embodiment of the present invention; 

FIG. 10 is a block diagram illustrating a medical transaction of a purchaser utilizing 
an alias account in accordance with the teachings of the present invention; and 

FIG. 1 1 is a block diagram illustrating a transaction for determining a credit status of 
a customer utilizing an alias account in accordance with the teachings of the present invention. 

30 
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MODES FOR CARRYING OUT THE INVENTION 

A method of masking an identity of a person during a transaction is disclosed. 
FIG. 1 is a block diagram illustrating an existing credit card transaction. A purchaser 
1 0 buys an item from a merchant 1 2 using a credit card. The merchant requests authorization 

5 for the credit card transaction by communicating with an authorization center 14 via a 
communications link 16. In most cases, the link 16 is a direct electronic link to the 
authorization center. The authorization center then verifies that the purchaser's credit card 
account is a valid account and has available credit by querying an issuing financial 
institution/card issuer 18 via a communications link 20. The issuing financial institution/card 

1 0 issuer keeps and processes all transactions of the purchaser 1 s credit card account. The issuing 
financial institution/card issuer then responds to the query by either authorizing or rejecting 
the requested credit card transaction. The authorization center then relays the authorization 
or rejection message to the merchant. The merchant, upon receiving proper authorization from 
the authorization center, delivers the item to the purchaser. 

15 Several problems arise from existing credit card transactions. Various financial 

institutions/card issuers and merchants keep large databases storing the credit card transactions 
of their customers (purchaser 10) and other account information, such as the home address, 
telephone number, and other personal data of their customers. Typically, these financial 
institutions sell this information to various marketers, thereby violating the privacy of the 

20 purchaser. This may result in the purchaser receiving numerous solicitations, such as mailings 
and telephone calls. 

Other problems also result from utilizing the existing credit card system. At times, the 
name and credit card number are obtained by thieves during the transaction process. The 
thieves use this information to establish new credit card accounts, and are actually stealing the 

25 "identity" of the purchaser. This information may be stolen from various sources during 
Internet purchases, telephone purchases, live purchases, discarded credit card receipts and 
statements, and other sources. 

In existing credit card systems, a single account is utilized. The account usually 
includes personal information necessary to process any credit card transaction. Personal 

30 information may include account name, account number, billing address, telephone number, 
and password identifier (for example, the maiden name of the purchaser's mother), as well as 
other personal information data necessary to initially establish the account.. 
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In the preferred embodiment of the present invention, a separate parallel "alias" 
account is established and associated with the primary "core" account. In other embodiments, 
the parallel alias account may also be used by multiple core accounts. Additionally, multiple 
alias accounts can be set up and used for a single core account (e.g., family members each 
5 having individual accounts linked to a single core account). The parallel alias account may 
include an alias account name, alias account number, an alias address, and a password 
identifier (e.g., mother's maiden name). The alias account is used by a purchaser to mask the 
true identity of the purchaser when privacy regarding the purchaser's credit card transactions 
is desired. In addition, a second alias account may be established utilizing a back-up alias 
10 account name, a second alias account number, a second alias address, and a password 
identifier. The back-up alias account may be used when the first alias account(s) is 
compromised. The purchaser may also have a plurality of back-up accounts. 

FIG. 2 is a block diagram illustrating a credit card transaction of a purchaser 30 
utilizing an alias account accordance with the teachings of the present invention. In the 
1 5 preferred embodiment of the present invention, the purchaser communicates through a data 
network, such as the Internet. In alternate embodiments, the purchaser communicates via 
telephone, mail, or in person to a merchant 34. The merchant 34 may have a web site 
accessible through the Internet, a telephone receiving system, or a mail order address. The 
merchant communicates with an acquiring credit card processor 38, which typically processes 
20 credit card transactions uti lizing the Automated Clearing House ( ACH) Network to authorize 
a credit card transaction. The ACH Network is a processing and delivery system that provides 
for the distribution and settlement of electronic credits and debits among a large number of 
financial institutions. The acquiring processor may be a financial institution or a third party 
processor. The acquiring processor communicates with an issuing financial institution 40 or 
25 a card issuer 44. The merchant may also optionally communicate with a PIN confirmation and 
fraud prevention system 48 (e.g., CyberSource, CyberCash, Digital Identification), or other 
method of verifying the identity of the purchaser and the validity of the purchase. In alternate 
embodiments of the present invention, a service organization called an alias account facilitator 
52 may communicate with the merchant. Additionally, the alias account facilitator may 
30 communicate with the acquiring processor 38, or the issuing financial institution. The 
merchant may send packages via a shipping system 59. The shipping system may also 
communicate with the alias account facilitator. The shipping system may include a private 
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postal store such as Mail Box, Etc., a postal box located at a U.S. Postal Station, or a private 
shipper such as United Parcel Service (UPS) or Federal Express (FEDEX). In the preferred 
embodiment, all the components shown in FIG.2 are connected through a data network such 
as the Internet and may utilize encryption techniques such as Secure Sockets Layer (SSL) or 

5 Secure Electronic Transaction (SET). 

FIGs. 3 A and 3B are flow charts outlining the steps for processing a credit card 
transaction utilizing an alias account in the preferred embodiment of the present invention. 
With reference to FIGs. 2, 3A, 3B, and 3C, the steps of the method will now be described. 
Beginning with step 70, the purchaser 30 orders an item utilizing an alias account name and 

10 number. The purchaser may purchase via the Internet, telephone, in person, or via mail. In 
step 72, the merchant receives the order from the purchaser. In step 74, the merchant may 
optionally verify the identity of the purchaser by requesting a personal identification number 
(PIN) from the purchaser. The PIN is then verified via the PIN confirmation and fraud 
prevention system 48. Next in step 76, the merchant requests authorization of the transaction 

1 5 using the alias account from the acquiring processor 38. In step 78, the acquiring processor, 
utilizing the ACH Network, requests authorization from the issuing financial institution 40 or, 
if required, the card issuer 44. In many instances, the issuing financial institution, such as a 
bank, is actually a credit card issuer. In other cases, the credit caid is issued by a separate card 
issuer (e.g., American Express). In step 80, the card issuer or the issuing financial institution 

20 replies to the authorization request to the acquiring processor. The reply will include either 
an acceptance of the credit transaction or a rejection of the credit transaction. Next, in step 82 
(FIG. 3B), the acquiring processor forwards the authorization response to the merchant. 

In step 84, it is determined by the merchant if the credit transaction is accepted. If the 
credit card transaction is accepted, the method moves to step 86, where the merchant sends the 

25 ordered item(s) to the purchaser. The ordered item may optionally be delivered via the 
shipping system 59 to an alias address associated with the alias name of the purchaser. The 
alias address may be located at a private postal store or at a remote location away from the 
purchaser, such as a postal box located at a U.S. Postal Station, requiring the pickup of the 
ordered item by the purchaser. Alternately, the ordered item may be sent via a blind shipment 

30 to a private shipping company. The merchant sends the ordered item to the private shipping 
company with the purchaser's alias account number. The private shipping company then 
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communicates with the alias account facilitator to obtain the desired shipping address of the 
purchaser, which may be the purchaser's actual address or an alias address. 

If, however, it is determined that the credit transaction is rejected, the method moves 
from step 84 to step 88, where the merchant rejects the purchaser's order. 

5 The method described in FIGs. 3A and 3B illustrates the credit card transaction in 

which the financial institution or card issuer associates and tracks the alias account with the 
primary core account. All information utilized in the purchase order utilizes only the alias 
account information, thereby maintaining the privacy of the purchaser by masking the true 
identity of the purchaser 30. 

10 FIGs. 4 A and 4B are flow charts outlining the steps for processing a alias credit card 

transaction though the alias account facilitator 52. With reference to FIGs. 2, 4A, and 4B 5 the 
steps of the method will now be described. Beginning with step 90, the purchaser 30 orders 
an item utilizing an alias account name and number. The purchaser may buy through the 
Internet, telephone, mail, or in person. In step 92, the merchant receives the order from the 

15 purchaser. In step 94, the merchant may optionally verify the identity of the purchaser by 
requesting a personal identification number (PIN) from the purchaser. The PIN is then 
verified via the PIN. Next, in step 96, the merchant sends the credit transaction order to the 
alias account facilitator 52. In step 98, the alias account facilitator strips the alias account 
information from the credit card transaction order and replaces the information with the 

20 primary core account information. Then, in step 1 00, the modified credit transaction order is 
sent to the acquiring processor 38. 

In step 1 02 (FIG. 4B), the acquiring processor, utilizing the ACH Network, requests 
authorization from the issuing financial institution 40 or. if required, the card issuer 44. In 
step 1 04, the card issuer or the issuing financial institution replies to the authorization request 

25 to the acquiring processor. The reply will include either an acceptance of the credit transaction 
or a rejection of the credit transaction. Next, in step 1 06, the acquiring processor will forward 
the authorization response to the merchant. 

In step 108, it is determined by the merchant if the credit transaction is accepted. If the 
credit transaction is accepted, the method moves to step 110 where the merchant sends the 

30 ordered item(s) to the purchaser. The ordered item may optionally be delivered via shipping 
system 59 to an alias address associated with the alias name of the purchaser. The alias 
address may be located at a private postal store or at a remote location such as a postal box 
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located at a U.S. Postal Station, requiring the pickup of the ordered item by the purchaser. 
Alternately, the ordered item may be sent via a blind shipment to a private shipping company. 
The merchant sends the ordered item to the private shipping company with the purchaser's 
alias account number. The private shipping company then communicates with the alias 

5 account facilitator to obtain the desired shipping address of the purchaser, which may be the 
purchaser's actual address or an alias address. 

If, however, it is determined that the credit card transaction is rejected, the method 
moves from step 108 to step 1 12, where the merchant rejects the purchaser's order. 

The method described in FIGs. 4A and 4B illustrates a credit card transaction utilizing 

10 the alias account facilitator to associate the alias credit card account with the primary' core 
account. The card issuer or issuing financial institution still tracks the primary core account, 
but is unaware of the alias account information. Since the alias account facilitator is the only 
institution which can associate the correct primary core account with the alias account of the 
purchaser, privacy is insured solely by the alias account facilitator. 

15 FIGs. 5 A and 5B are flow charts oudining the steps for processing a alias credit card 

transaction though the alias account facilitator 52 acting as an Independent Service 
Organization (ISO) in an alternate embodiment of the present invention. With reference to 
FIGs. 2, 5A, and 5B, the steps of the method will now be described. Beginning with step 120, 
the purchaser 30 orders an item utilizing an alias account name and number. The purchaser 

20 may purchase via the Internet, telephone, mail, or in person. In step 122. the merchant 
receives the order from the purchaser. In step 124, the merchant may verify the identity of 
the purchaser by requesting a PIN from the purchaser. The PIN is then verified via the PIN 
confirmation system 48. Next in step 1 26, the merchant sends the credit card transaction order 
to the alias account facilitator 52. in step 128, the alias account facilitator strips the alias 

25 account information from the credit card transaction order and replaces the information with 
the primary core account information. 

In step 130. the alias account facilitator 52, utilizing the ACH Network, requests 
authorization from the issuing financial institution 40 or, if required, the card issuer 44, 
thereby functioning as an ISO. An ISO performs sale and'or service transactions on behalf of 

30 the issuing financial institution 40 or the acquiring processor 38. In step 132 (FIG. 5B), the 
card issuer or the issuing financial institution replies to the authorization request to the alias 
account facilitator. The reply will include either an acceptance of the credit card transaction 

-10- 
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or a rejection of the credit card transaction. Next, in step 1 34, the alias account facilitator will 
forward the authorization response to the merchant. 

In step 1 36, it is determined by the merchant if the credit card transaction is accepted. 
If the credit card transaction is accepted, the method moves to step 138 where the merchant 
5 sends the ordered item(s) to the purchaser. The ordered item may optionally be delivered via 
shipping system 59 to an alias address associated with the alias name of the purchaser. The 
alias address may be located at a private postal store or at another remote location such as a 
postal box located at a U.S. Postal Station, requiring the pickup of the ordered item by the 
purchaser. Alternately, the ordered item may be sent via a blind shipment to aprivate shipping 
10 company. The merchant sends the ordered item to the private shipping company with the 
purchaser's alias account number. The private shipping company then communicates with the 
alias account facilitator to obtain the desired shipping address of the purchaser, which may be 
the purchaser's actual address or an alias address. 

If, however, it is determined that the credit card transaction is rejected, the method 
15 moves from step 136 to step 140, where the merchant rejects the purchaser's order. 

The method of FIGs. 5 A and 5B describes a credit card transaction utilizing the alias 
account facilitator to associate the alias credit card account with the primary core account. The 
alias account facilitator also acts as the ISO, obtaining authorization via the ACH network. 
The card issuer or financial institution still tracks the primary core account, but is unaware of 
20 the alias account information. Since the alias account facilitator is the only institution which 
can associate the correct primary core account with the alias account of the purchaser, privacy 
is insured solely by the alias account facilitator. 

FIGs. 6A and 6B are flow charts outlining the steps for establishing an alias account 
by the purchaser 30 having an existing account in the preferred embodiment of the present 
25 invention. With reference to FIGs. 2, 6A, and 6B, the steps of the method will now be 
described. Beginning with step 150, the purchaser communicates with the alias account 
facilitator 52. In the preferred embodiment of the present invention, the purchaser 
communicates through a web site of the alias account facilitator via a secure link to the 
Internet. The alias account facilitator web site may be reached by going directly to the site or 
30 through a hyperlink associated with another web site, such as a banking institution or Internet 
banner advertisement However, in alternate embodiments, the purchaser may communicate 
by telephone, mail, or in person. Next, in step 152, the alias account facilitator requests 
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information regarding the purchaser and his existing account. In step 1 54, the purchaser sends 
the information to the alias account facilitator. Then, in step 1 56, the alias account facilitator 
creates alias information associated with the existing account (primary core account) of the 
purchaser. The alias information may include an alias name, address, and PIN number. Alias 

5 names, in the preferred embodiment of the present invention, are typically generated in a series 
of 1000 accounts per series (e.g., Roberts series would have RobertslOOO through 
Roberts2000)> In an alternate embodiment of the present invention, the customer may select 
his own alias, within certain prescribed parameters. A series number is then added to the 
customer's selected name. In still another alternate embodiment, any series of symbols or 

1 0 numbers may be used to form an alias name. 

The purchaser may optionally request an alias address to which an ordered item may 
be sent. The alias address may be located at a private postal store or at any remote location 
such as a postal box located at a U.S. Postal Station, requiring the pickup of the ordered item 
by the purchaser. A convenient location of the alias address may be selected by the purchaser. 

1 5 such as the nearest private postal store. Alternately, the ordered item may be sent via a blind 
shipment to a private shipping company. When a blind shipment is made, the merchant sends 
the ordered item to the private shipping company with the purchaser's alias account 
information. The purchaser may request delivery via private shipping company. The purchaser 
must select the desired location where the ordered item is to be delivered, such as a home 

20 address or a postal box. The creation of an alias address may be done at the time of 
establishing an alias account or a later time by the alias account facilitator. The alias account 
facilitator may store the alias address with the other alias information of the purchaser. 

Next, in step 158. the alias account facilitator sends the alias information and the 
existing account information to the issuing financial institution 40 or card issuer 44 for 

25 verification. In step 160 (FIG. 6B), the issuing financial institution or card issuer verifies 
current account information of the purchaser 30. In step 1 62, it is determined by the issuing 
financial institution or card issuer whether the existing account is valid. If the existing account 
is not valid, the method moves to step 164 where the issuing financial institution or card issuer 
sends a rejection to the alias account facilitator. Next, in step 1 66, the alias account facilitator 

30 sends an invalid account notice to the purchaser. 

However, if it is determined that the existing account is valid, the method moves from 
step 162 to step 168 where the issuing financial institution or card issuer creates an alias 
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parallel account associated with the existing account. Next, in step 170, the issuing financial 
institution or card issuer sends the alias account information to the alias account facilitator. 
In step 172, the alias account facilitator sends the alias account information to the purchaser 
by e-mail, a secure Internet web page, postal service, or direct delivery. If a PIN is utilized in 
5 the alias account, the PIN 

is sent separately from the alias account information for added security. Any of the 
information items of the alias account information may also be sent separately to ensure added 
levels of security. Additional, if the purchaser desires a physical credit card, the issuing 
financial institution or card issuer sends a physical card to the purchaser. 
10 FIGs. 7 A, 7B, and 7C are flow charts outlining the steps for establishing an alias 

account by the purchaser 30 requiring a primary core account. With reference to FIGs. 2, 7A, 
7B, and 7C, the steps of the method will now be described. Beginning with step 1 80, the 
purchaser communicates with the alias account facilitator 52. As described in FIG. 6, 
communication may take the form of mail, telephone, via Internet, or in person. Next, in step 
15 182, the alias account facilitator requests information of the purchaser necessary for 
establishing a credit account. In step 1 84, the purchaser sends the requested information to 
the alias account facilitator. Then, in step 186, the alias account facilitator creates alias 
information. The alias information may include an alias name, address, and PIN. 

Next, in step 1 88, the alias account facilitator sends the alias information and the 
20 purchaser information to the issuing financial institution 40 or card issuer 44 for verification, 
credit check, and account set-up. In step 190 (FIG. 7B), the issuing financial institution or 
card issuer verifies the data of the purchaser 30. In step 1 92, it is determined by the issuing 
. financial institution or card issuer if the purchaser has proper identification and acceptable 
credit for the establishment of a credit account. If a new account is rejected for the purchaser, 
25 the method moves to step 194 where the issuing financial institution or card issuer sends a 
rejection to the alias account facilitator. Next, in step 1 96, the alias account facilitator sends 
a rejection notice to the purchaser. 

However, if it is determined that the application of the purchaser 30 is accepted, the 
method moves from step 192 to step 1 98 where the issuing financial institution or card issuer 
30 creates both a new primary core account and an alias parallel account associated with the 
primary core account. In an alternate embodiment, only an alias account is created, without 
a core account. Next, in step 200, the issuing financial institution or card issuer sends the alias 
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account information to the alias account facilitator. In step 202, the alias account facilitator 
sends the alias account information to the purchaser by e-mail, a secure Internet web page, 
postal service, or direct delivery. If a PIN is utilized in the alias account, the PIN is sent 
separately from the alias account information for added security. Any of the information items 

5 of the alias account information may also be sent separately to ensure added levels of security. 
Additional, if the purchaser desires a physical credit card, the issuing financial institution or 
card issuer sends a physical card to the purchaser. 

FIG. 8 is a top level diagram illustrating a system configuration of an alias account 
system 220 in the preferred embodiment of the present invention. The alias account system 

1 0 includes the alias account facilitator 52 having a plurality of data connections 222 to a plurality 
of providers 224, issuing financial institutions 40 ? and provider data hosts 226. The alias 
account facilitator may be located at a host site having a secure server 228 (e.g., Electronic 
Data Systems). The data connections may be dedicated or dial-up connections. The plurality 
of providers 224 and issuing financial institutions 40 are credit card issuers. Some of the 

1 5 providers 224 may include provider data hosts 226 which host the database of a corresponding 
provider 224. In the preferred embodiment of the present invention, the data transmitted 
between the alias account facilitator and the issuing financial institutions and the providers is 
encrypted for security. 

FIG. 9 is a diagram of high level information transfer by the alias account system 220 

20 in the preferred embodiment of the present invention. 

Data may be sent a variety of ways to include communications with an object based database 
230 or a DB2 based database 232. Additionally, data may be transferred via the Internet to an 
institution's Internet server 234 which accesses an institution's core database 236. In the 
preferred embodiment of the present invention, communication between the alias account 

25 facilitator 52 and the various institutional databases is done over a dedicated encrypted 
communications link. 

When the alias account facilitator 52 communicates with the object based database 
230, a proxy server 240 utilizing an object-based computer language, such as CORBA is used. 
The proxy server may signal the database 230 by sending an object request to record message 

30 242. The database may respond by sending an acknowledge and open record message 244 to 
the proxy server. Next, the proxy server may send an action to account message 246 to the 
database. The database may then respond by sending a confirmation and close record message 
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248 to the proxy server. In an alternate method, a CORBA object from the proxy server may 
contain the record message 242. open record message 244, and action to account message 246 
all in one object The database would then only respond with a confirmation; and close record 
message 248 or an invalid account message to the proxy server. 
5 When the alias account facilitator 52 communicates with the institution' s core database 

236 via the Internet, a web server 250 using HTML or XML communicates with the 
institution's Internet server 234. An HTML page 252 or XML object is sent between the web 
server and the institutions Internet server to communicate. 

When the alias account facilitator 52 communicates with the DB2-based database 232, 
1 0 a DB2-based proxy server 254 is used. The proxy server signals the database 232 by sending 
a request to open record message 256. The database responds by sending an acknowledge and 
open record message 258 to the proxy server. Next, the proxy server sends an action to 
account message 260 to the database. The database then responds by sending a confirmation 
and close record message 262 to the proxy server. 
1 5 There are several different types of accounts which may be established with an existing 

credit card account. An existing credit card account may be converted to an alias account in 
which the existing credit card (real identity) is canceled and replaced with an alias name and 
account number. An alias account may be an affinity card account in which the alias account 
includes an affiliation with an organization (e.g., alma mater, sports team, retailer, etc.). The 
20 alias account may include both an alias name and a completely different account number from 
the existing primary account or the same account number as the existing primary account. The 
alias account may be established as a core account linked to another core account via an 
identification tag. 

When a purchaser does not have an existing credit card core account and a new credit 
25 card account must be establish, several options exist in the creation of an alias account. A 
purchaser may establish only an alias account without creating a new primary core account 
with the purchaser's true identity. The alias account may be an affinity card account 
associated with an organization. The alias account may include the same or a different account 
number as a primary core account having the purchaser's real identity. The alias account may 
30 also be a core account linked to another core account via an identification tag. 

The alias account may include a virtual card and/or a physical card. A virtual card 
includes the alias information of the purchaser and an expiration date, that may be stored on 
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any medium, including a digital medium (e.g., computer, set top box, Internet appliance, 
wireless phone or other wireless device), without any physical card. The alias account may 
be associated with a physical card which may include a photo identification for verification 
of the individual as the true purchaser when making live purchases. To further enhance the 
individuals privacy while ensuring against fraudulent purchases on the alias account, the 
physical card may be two separate cards. A first card may be an official identification card 
with a photograph of the purchaser. The second card may be a card used for purchases or 
other purposes. The alias account may be a debit card, credit card, automated teller machine 
(ATM) card, electronic cash card, smart card, digital check, medical/prescription card, or any 
other form of medium used to conduct transactions/sales. 

In an alternate embodiment of the present invention, the purchaser may request specific 
marketing information resulting from the credit card transactions be sent to the purchaser. 
During the creation of an alias account the purchaser may select various types or subjects of 
marketing ads which the purchaser wishes to be sent to the purchaser. The alias account 
facilitator 3 8 may filter the desired marketing information out from the unwanted material and 
deliver the selected material directly to the purchaser (via e-mail, mail, or telephone) or to an 
alias address. 

The method described above offers many advantages over existing credit card 
transactions. The method provides privacy for a purchaser using a credit card. By masking 
the true identity of the purchaser, the purchaser avoids unwanted solicitations. Additionally, 
personal information, including the spending habits of the purchaser, is held only by those 
parties needing information during the credit card transaction. The method also prevents 
identity theft by providing an alias which cannot be used for identifying a specific individual. 
By utilizing the described invention, more purchasers are encouraged to purchases items, 
especially via the Internet, through the use of credit cards. 

In an alternate embodiment, the present invention may be used in medical transactions. 
Currently, medical cards are utilized by patients when seeking medical assistance at a hospital, 
health care provider, or making a purchase at a pharmacy or other health care related merchant. 
The medical cards typically contain information on the patient's medical insurer, medical 
insurance data, and other relevant information for the payment of services. FIG. 10 is a block 
diagram illustrating a medical transaction of a purchaser 300 utilizing an alias account in 
accordance with the teachings of the present invention. The purchaser 300 communicates with 
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a health care provider 302, such as a hospital, physician, pharmacist, or other health related 
institution or merchant. The purchaser is an individual purchasing medical services or goods, 
typically a patient, insured individual, or head of family to which the medical services are 
charged. The purchaser may utilize a medical card having an alias name, account or member 

5 number, group number, and other information similar to the alias credit card discussed above. 
The health care provider then communicates with an acquiring processor 304 to obtain 
authorization of the transaction order of the purchaser and any necessary coverage information 
on the purchaser. The acquiring processor, utilizing a health insurance network similar to the 
ACH network, requests purchase or coverage authorization and other coverage information 

10 from a financial institution 306. The financial institution is any organization which handles 
the health account of the purchaser, such as a health insurance company, plan administrator, 
health maintenance organization (HMO), or some other service organization storing the 
information of the purchaser. 

The financial institution 306, matches the alias name and account of the purchaser 300 

15 with the core name and account and responds by sending the coverage or purchase 
authorization and any other coverage information necessary for the medical transaction to the 
acquiring processor 304. The acquiring processor then sends the information to the health care 
provider 302, 

If, however, it is determined that the authorization is rejected, the health care provider 
20 302 rejects the purchaser's service or product purchaser request. 

In an alternate embodiment, the health care provider may send a request for coverage 
authorization or coverage information to an alias account facilitator 308. The alias account 
facilitator can then determine the core account corresponding to the purchaser 300 and request 
information from the acquiring processor 304. The acquiring processor then requests 
25 information from the financial institution 306. The alias account facilitator may act as an ISO 
and request information directly from the financial institution. The financial institution then 
sends the requested information back via the alias account facilitator to the health care 
provider. 

Alternatively, the purchaser 300 may establish an alias health account associated with 
30 the purchaser. The alias health account may include an alias name masking the true identity 
of the purchaser and may also include an alias account or member number, an alias address, 
an alias group number, and an alias PIN. The purchaser then conducts a medical transaction 
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with the health care provider 302 to purchase a selected item or service using the alias account, 
in a manner similar to the methods described in FIGs. 3-5. This transaction may or may not 
include the use of a physical credit card. The alias account is then verified as a valid account 
(either via the alias account facilitator 308 or the acquiring processor 304) to the financial 
5 institution 306. The alias account faci li tator or acquiring processor then verifies that sufficient 
coverage or credit is available to purchase the selected item or service from the financial 
institution. The alias account is associated with a core account displaying the true identity of 
the purchaser. The transaction is then recorded and may be debited to the core account. 

Still referring to FIG. 10, the purchaser 300 may also use an alias name when 
1 0 transferring medical records from a first primary health care provider 302 to a secondary health 
care provider 309. The health care provider 302 may transfer the medical records to the alias 
account facilitator 308 who replaces the true identity of the purchaser with an alias name. The 
records are then transferred to the second health care provider 309. The medical records, with 
associated history, may then be examined by the second health care provider 309, without 
1 5 knowing the true identity of the purchaser. In addition, when the patient is examined by the 
second health care provider 309, the purchaser uses the alias name associated with the aliased 
medical records, thereby keeping the privacy of the purchaser, while still providing all the 
relevant information necessary for the second health care provider to treat the purchaser. 

The method described in FIG. 10 offers advantages over existing medical systems. 
20 The purchaser's privacy is maintained by providing a health care provider with alias 
information, preventing the transfer of personal information, while still allowing the health 
care provider a method of verifying the coverage of their patients. In addition, the card may 
be used at participating pharmacies or other health care related merchants, allowing the 
anonymous procurement of prescribed drugs and other prescribed health products and services. 
25 An alias account may also be utilized in conjunction with flexible spending accounts. 

Many employers use flexible spending accounts for medical and child care expenses. An 
employee directs a specific amount of the employee's wages be sent to the flexible spending 
account. The employee, after paying the child care or medical expense incurred, may submit 
a request for reimbursement from the flexible spending account. By using a flexible spending 
30 account, the employee is not taxed on wages which are placed within the flexible spending 
account. In an alternate embodiment of the present invention, the employee may give an alias 
name and number to the health care provider or a child care provider. The health care provider 
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or child care provider can then submit a request for payment from the alias account facilitator. 
The alias account facilitator may then request transfer of funds from the employee's flexible 
spending account to the health care provider or child care provider via the employer or 
employer's plan administrator. By utilizing an alias account, the employee does not have to 
5 give personal information to the health care provider or child care provider. Additionally, 
payment is simplified for the employee since the employee does not have to submit paperwork 
to request reimbursement. 

In still another alternate embodiment, the credit status of an individual necessary to 
complete a purchase may be examined by utilizing an alias name and account. In existing 
1 0 systems, a customer requesting credit or verifying credit worthiness to complete a purchase, 
such as for a home mortgage or telephone service, must submit personal information to a 
financial institution, such as a mortgage company to obtain credit approval. The financial 
institutions may include banks, mortgage companies, utility companies, merchants, or 
telephone companies. Many times, the financial institutions compile information on 
15 customers, and sells the information to marketing agencies. To prevent the transfer of this 
personal information, while still providing the financial institution with a method of verifying 
the credit rating of the customer, an alias name and account may be utilized. FIG. 1 1 is a 
block diagram illustrating a transaction for determining a credit status of a customer 310 
utilizing an alias account in accordance with the teachings of the present invention. The 
20 customer requests a transaction requiring a credit status check of the customer from a financial 
institution 312. The financial institution may be any organization to which a customer must 
provide his credit status to complete a requested transaction, such as a bank, mortgage 
company, utility company, merchant, or telephone company. The financial institution requests 
a credit report from an alias account facilitator 314. The alias account facilitator matches the 
25 alias name and account with the true identity of the customer. The alias account facilitator 
then requests a credit report for the customer from a credit bureau 3 1 6 (e.g. Equifax, Experian, 
Trans Union, etc.) which maintains detailed credit reports on individuals. The credit bureau 
then responds by sending the requested credit report to the alias account facilitator. The alias 
account facilitator then sends the credit report to the financial institution with the true identity 
30 removed from the credit report. The financial institution then determines whether to provide 
the requested credit to the customer. 
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Still referring to FIG. 11, the customer 310 may also provide various financial 
institutions 3 1 2 with information on an alias saving account(s). The savings account may be 
associated with a core account having the true identity of the customer. However the alias 
savings account includes an alias name and optional alias address, thereby providing 
anonymity to the customer when providing the savings account information to the financial 
institution. 

By utilizing the method described in FIG. 1 1, a customer may receive a credit check 
from a financial institution without providing personal information to the financial institution. 
By preventing the financial institution from determining the true identity of a customer, the 
customer's privacy is maintained. 

It is thus believed that the operation and construction of the present invention will be 
apparent from the foregoing description. While the method shown and described has been 
characterized as being preferred, it will be readily apparent that various changes and 
modifications could be made therein without departing from the scope of the invention as 
defined in the following claims. 
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WHAT IS CLAIMED IS: 

1. A method of masking a true identity of a purchaser (30) during a credit 
transaction, the method comprising the steps of: 

establishing an alias credit account associated with the purchaser, the alias 
credit account masking the true identity of the purchaser; 

conducting a credit transaction by the purchaser to purchase a selected item 
using the alias credit account; and 

associating the alias credit account with the purchaser. 

2. The method of masking a true identity of a purchaser of claim 1 wherein the 
step of associating the alias credit account with the purchaser includes associating the alias 
credit account with a core account having the true identity of the purchaser, 

3 . The method of masking a true identity of a purchaser of claim 2 wherein the 
step of associating the alias credit account with a core account includes debiting the core 
account for the credit card transaction. 

4. The method of masking a true identity of a purchaser of claim 2 wherein the 
step of associating the alias credit account with a core account includes linking, by a service 
organization, the alias credit account with the core account. 

5. The method of masking a true identity of a purchaser of claim 4 wherein the 
step of linking, by a service organization, the alias credit account with the core account 
includes stripping alias information from the alias account and replacing the stripped alias 
information with information from the core account. 

6. The method of masking a true identity of a purchaser of claim 4 farther 
comprising, after the step of associating the alias credit account with a core account, the steps 
of: 

receiving, in the service organization, a plurality of marketing advertisements 
in association with the credit transaction; 

transmitting, by the purchaser to the service organization, selected marketing 
advertisements for the purchaser; 

filtering, by the service organization, the selected marketing advertisements for 
the purchaser, and 

sending the selected marketing advertisements to the purchaser. 
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7. The method of masking a true identity of a purchaser of claim 1 wherein the 
alias credit account displays alias information masking the true identity of the purchaser. 

8. The method of masking a true identity of a purchaser of claim 7 wherein the 
alias information includes an alias name and an alias account number. 

5 9. The method of masking a true identity of a purchaser of claim 8 wherein the 

alias information includes an alias address for the purchaser. 

1 0. The method of masking a true identity of a purchaser of claim 8 further 

comprising, after the step of associating the alias credit account with the purchaser, the step 

of delivering the selected item to the alias address. 
10 11. The method of masking a true identity of a purchaser of claim 1 wherein the 

alias credit account includes a virtual card having an alias name and alias account number. 

12. The method of masking a true identity of a purchaser of claim 1 wherein the 
alias credit account includes a physical card having an alias name and alias account number. 

1 3 . The method of masking a true identity of a purchaser of claim 1 2 wherein the 
1 5 physical card includes a photograph of the purchaser to verify the purchaser. 

14. The method of masking a true identity of a purchaser of claim 1 wherein the 
step of conducting a credit card transaction by the purchaser includes authorizing the 
transaction. 

1 5 . The method of masking a true identity of a purchaser of claim 1 4 wherein the 
20 step of authorizing the transaction includes: 

requesting a credit status report on the purchaser by a merchant selling to the 
purchaser in the transaction; 

associating the alias account with the true identity of the purchaser; and 
sending the credit status report of the purchaser to the merchant. 
25 1 6, The method of masking a true identity of a purchaser of claim 1 4 wherein the 

~^\step of authorizing the transaction includes: verifying the alias account as a valid 

credit account; and verifying that credit is available to purchase the selected item. 

17. The method of masking a true identity of a purchaser of claim 1 further 
comprising, after the step of associating the alias credit account with the purchaser, the step 

30 of delivering the selected item to the purchaser. 

1 8. The method of masking a true identity of a purchaser of claim 17 wherein the 
step of delivering the selected item to the purchaser includes: 
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delivering the selected item to a shipping company; 

associating the alias account with a desired address of the purchaser; and 

delivering the selected item to the desired address. 

1 9. The method of masking a true identity of a purchaser of claim 1 7 wherein the 
5 desired address is an alias address for pickup of the selected item by the purchaser. 

20. The method of masking a true identity of a purchaser of claim 1 wherein the 
step of enacting a credit card transaction by the purchaser includes verifying the purchaser 
through a Personal Identification Number (PIN) confirmation system. 

21. A method of conducting an anonymous credit card transaction by a purchaser 
10 (30), the method comprising the steps of: 

ordering a selected item by the purchaser, the purchaser utilizing an alias credit 
account having alias information of the purchaser, the alias credit account associated with a 
core account having a real identity of the purchaser; 

authorizing a purchase of the selected item; and 
15 sending the selected item to the purchaser. 

22. The method of conducting an anonymous credit transaction of claim 22, 
wherein the step of authorizing a purchase of the selected item includes verifying the alias 
account as valid and having allowable credit to purchase the selected item. 

23. The method of conducting an anonymous credit transaction of claim 22, 
20 wherein the step of verifying the alias account includes linking the alias account with the core 

account of the purchaser through a service organization. 

24. The method of conducting an anonymous credit transaction of claim 23 wherein 
the service organization alone maintains a database for associating the alias credit account with 
the core account. 

25 25. The method ofconducting an anonymous credit transaction of claim 21 wherein 

the step of sending the selected item to the purchaser includes the step of delivering the 
selected item to an alias address for pickup by the purchaser. 

26. The method of conducting an anonymous credit transaction of claim 2 1 wherein 
the step of sending the selected item to the purchaser includes the steps of: 
30 delivering the selected item to a shipping company; 

associating the alias account with a desired address of the purchaser; and 
delivering the selected item to the desired address. 
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27. A method of masking a true identity of a purchaser (30) during a credit 
transaction, the method comprising the steps of: 

establishing an alias credit account associated with the purchaser, the alias 
credit account having an alias name masking the true identity of the purchaser; 
5 conducting a credit transaction by the purchaser to purchase a selected item 

using the alias account; 

verifying that the alias account is a valid credit account and that credit is 
available to purchase the selected item; 

associating the alias credit account with a core account displaying the true 
1 0 identity of the purchaser; and 

debiting the core account for the credit transaction. 

28. The method of masking the identity of a purchaser of claim 27, further 
comprising, after the step of associating the alias credit account with a core account, the step 
of delivering the selected item to a desired address of the purchaser. 

15 29. A method of masking a true identity of an individual (3 0) during a transaction, 

the method comprising the steps of: 

establishing an alias account associated with the individual, the alias account 
masking the true identity of the individual; 

conducting a transaction by the individual using the alias account; and 
20 associating the alias account with the individual. 

30. The method of masking a true identity of an individual of claim 29 wherein: 
the individual is a patient; 

the step of conducting a transaction includes: 

treating a patient, by a health care provider, and 
25 requesting information on health insurance coverage of the patient by 

the health care provider; and 

the step of associating the alias account with the individual includes linking the 
alias account to the true identity of the individual. 

31 . The method of masking a true identity of an individual of claim 30 further 
30 comprising, after the step of associating the alias account with the individual, the step of 

transmitting the requested information of the patient to the health care provider. 

32. The method of masking a true identity of an individual of claim 29 wherein: 
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the alias account is associated with a flexible spending account of the 
individual; and 

the step of conducting a transaction by the individual includes: 

providing a benefits provider providing benefits to the individual with 
information from the alias account; and 

requesting payment from the alias account by the benefits provider. 

33. The method of masking a true identity of an individual of claim 32 further 
comprising, after the step of associating the alias account with the individual, the step of 
paying the benefits provider from the alias account. 

34. The method of masking a true identity of an individual of claim 29 wherein: 
the individual is a purchaser; 

the step of conducting a transaction includes: 

purchasing through the alias account by the purchaser from a health care 

merchant; and 

requesting information on health coverage of the purchaser bythe health 

merchant; and 

the step of associating the alias account with the purchaser includes linking the 
alias account to the true identity of the purchaser. 

35 . The method of masking a true identity of an individual of claim 34 wherein the 
health care merchant provides medical services during the transaction. 

36. The method of masking a true identity of an individual of claim 34 wherein the 
health care merchant provides medical goods to the purchaser during the transaction. 

37. The method of masking a true identity of an individual of claim 29 wherein: 
the individual is a purchaser; 

the step of conducting a transaction includes: 

purchasing through the alias account by the purchaser from a health care 

merchant; and 

verifying that the alias account is a valid credit account and that credit 
is available to purchase the selected item. 

38. A method of masking a true identity of an individual (3 00) during a transfer of 
medical records of the patient from a first health care provider (302) to a second health care 
provider (309), the method comprising the steps of: 
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transferring the medical records from the first health care provider to a service 
organization (308); 

masking the true identity of the individual by the service organization; and 
transferring the masked medical records to the second health care provider. 

39. The method of masking a true identity of an individual of claim 38 wherein the 
step of masking the true identity of the individual by the service organization includes the step 
of replacing the true identify of the individual with an alias name. 

40. A method of masking a true identity of an individual (310) requiring a credit 
status report to complete a transaction, the method comprising the steps of: 

establishing an alias account associated with the individual; 
conducting the transaction by the individual to a financial institution (312) 
using the alias account, the transaction requiring the credit status report; 

requesting the credit status report by the financial institution; 

associating the alias account with the individual; and 

sending the credit status report of the individual to the financial institution. 
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(57) A system, in which information is the primary 
asset and in which investments may be made in infor- 
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serving individual privacy is provided. The system also 
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maintaining the privacy of such information. A first data 
store includes static identification data about a user. A 



second data store includes moderately dynamic per- 
sonal data about the user. A third data store includes 
dynamic demographic information data about the user. 
An electronic wallet can be used with the system to 
download selected portions of the data for use by the 
user. A method of use of the data includes using the 
data for billing out forms, providing services to the user 
and allowing merchants to selectively target users for 
sales while maintaining user anonymity. 
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Description 

CROSS REFERENCE TO RELATED APPLICATIONS 

[0001 J This application is related to Provisional Patent s 
Application No. 60/065,291 entitled "Distributed Net- 
work Based Electronic Wallet," filed on November 12, 
1997, to which priority is claimed. 

FIELD Q F INVENTION 

[0002] This invention relates to information storage 
and retrieval systems, and more particularly, to an elec- 
tronic system for storage and authorized distribution of 
personal information. 

BACKGROUND OF INVENTION 

[0003] In today's information-based economy, infor- 
mation is recognized by may corporations as a primary 
asset which, much like currency, fully realizes its value 
only with frequent use. Information is a important asset 
not only for corporations, but also for individuals who 
often need to repetitively provide certain personal facts 
to merchants and service providers with whom they do 
business. 

[0004] Collections of personal information, in the form 
of demographics, are invaluable to companies wishing 
to conduct targeted marketing campaigns. Examples of 
information collections include insurance policies, legal 
documents, medical records, and financial and credit 
histories. This information represents a valuable com- 
modity which may corporations are willing to purchase. 
[0005] In fact, may companies are known to massage 
their consumer accounts to create mailing lists which 
can be sold. Likewise, most consumers know this hap- 
pens, and are not surprised to receive a barrage of cat- 
alogs from previously unknown vendors after placing a 
mail order for goods. Many consumers are annoyed by 
this practice and some may even avoid the offending 
vendor in the future in order to prevent further abuse of 
their personal information. However, most of these con- 
sumer concerns could be eliminated, or at least 
reduced, if this data were first scrubbed or sanitized to 
remove all references to the particular individual before 
being made available as marketing data. 
[0006] Privacy is a growing concern in the internet and 
electronic commerce arena because each time you 
enter a site, your browser already tells the server a lot 
about you, such as which browser you're using and your 
IP address. This makes it easy for data miners to track 
site visits and strip information from unsecured data 
transmissions. In response, the Internet business com- 
munity is promoting Open Profiling Standards (OPS) 
which allow individuals to save personal information on 
a hard drive on their PC and only allow others to access 
portions of this information after the individual grants 
permission. 



[0007] There is also concern over the use of cookies, 
or tokens that are attached to a user program and 
change depending on the web site areas entered. When 
you enter a web site using cookies, you may be asked to 
fill out a form providing information such as your name 
and interests. This information is packaged into a 
cookie and sent to your web browser which stores it for 
later use. The next time you go to the same web site, 
your browser will send the cookie to the web server. The 
server can use this information to present you with cus- 
tom web pages. Cookies are typically designed to be 
persistent and remain in the browser for long periods of 
time, and can be used to unknowingly disclose the 
address of the site you most recently visited, or move- 
ments within a site. 

[0008] Consumers also increasingly want to system- 
atically organize and secure personal information but 
are generally limited in their ability to do so by the avail- 
ability of commercial software programs. For example, 
certain financial planning ad management software 
packages provide a facility for storage of personal infor- 
mation on the consumer's PC. This practice can be vex- 
ing if the PC subsequently experiences an anomalous 
operation or a system malfunction. There is then a need 
for a system which would allow personal information to 
be professionally backed-up, thus protecting against 
mishap, natural disaster, negligence, or even PC theft. 
[0009] Consumers also want the ability to control and 
define access to their information, using presently avail- 
able technology to securely and privately store, sort 
and/or exchange information. There is then a need for a 
third party who would provide these types of services 
with a primary aim of preserving its consumers' per- 
sonal privacy. 

SUMMARY OF THE INVENTION 

[001 0] In one aspect the invention provides a system 
for the selective organization, access to and use of per- 
sonal data. The system may include a server having 
data storage capability for storing different types of per- 
sonal data in distinct data stores, i.e., an "information 
bank", such that the information may be efficiently used 
by the consumer and by institutions which the consumer 
has authorized to access the data. A first data store may 
include what is known as static identification data which 
is personal to a user such as a consumer and which is 
typically necessary for establishing a relationship 
between the consumer and an institution. Such a con- 
sumer will have a means to access the static identifica- 
tion data, such as a personal computer, network 
computer, smart telephone or other communication 
device through the Internet or other network connection 
or wireless connection. A second data store may 
include what is known as moderately dynamic personal 
data about a user or may users, again a consumer or 
consumers. This would typically include a large volume 
of data which may be difficult to manage and which is 
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stored primarily for the convenience of the consumer. A 
third data store may include dynamic demographic 
information data about the users or consumers. This 
data may be mined from the data stores mentioned 
above, or may be the result of information provided by 
the consumer, for example, in response to surveys. Typ- 
ically, this information is valuable to many research and 
marketing institutions which may directly or indirectly 
compensate the consumer for access to the informa- 
tion. 

[0011] For purposes of the disclosure herein, by the 
term "static identification data" is intended to mean a 
relatively small amount of data which is relatively static 
and which is typically necessary for establishing a rela- 
tionship between the consumer and an institution. This 
type of data is stored for a indefinite period of time, typ- 
ically at no cost to the customer. Examples of this type 
of data include name, address, phone number, social 
security number and other commonly asked for informa- 
tion on forms, applications, etc. This type of data can be 
used in services provided by an institution such as a 
bank as a free account to permit activities such as auto- 
mated form filling, safe shopping and general electronic 
commerce. Such a account file can generally be 
referred to as a "courtesy account." 
[001 2] With respect to "moderately dynamic personal 
data", this is intended to mean a large amount of data, 
which is dynamic and which is stored over long periods 
of time. Such types of data includes, for example, billing 
history, payment history, loans, real estate holdings, 
stock, bond, fund holdings, medical records, home web 
pages and the like. This type of data can be used in 
services provided by an institution such as a bank on a 
charge for service basis, and may be used in the 
account for bill presentment/payment, relationship man- 
agement, tax preparation, divergency information (med- 
ical records) focal point, and the like. Such an account 
and file can generally be referred to as a "service 
account." 

[001 3] As to "dynamic demographic information data", 
it is characterized by being demographic data including, 
user interests, user profiles and user agents. Examples 
include age, geographic location, race, religion, profes- 
sional interests, hobby interests, frequent purchase cat- 
egories, explicit requests for information, explicit 
requests for blocking categories of information. Custom- 
ers who allow use and transmission of this data to oth- 
ers such as merchants could be paid a portion of 
receipts of selling that data received by an institution 
such as bank. The data can be provided to market 
research organizations, electronic census providers, 
organizations which provide profile special offers and 
the like. Such an account and file can generally be 
referred to as a "value generation account." 
[00t4] More specifically, a consumer's financial insti- 
tution, by the nature of the transactions in which it 
engages, already has in its possession targe amounts 
of confidential and disclosure-sensitive information. As 



may be appreciated from the prior description, exam- 
ples of this type of information include credit card pur- 
chases, income data, bank card transactions, loan 
application/servicing, etc. Thus, it is optimal for the 

5 financial institution to maintain principal possession, 
maintenance and storage of the types of information 
described previously for consumer authorized use and 
distribution, while simultaneously achieving, without the 
introduction of yet another party, the securing of the 

w consumer's personal information in an "information 
bank." 

[0015] In accordance with the invention, the con- 
sumer's information may be made available through the 
financial institution's computer network server, thereby 

75 allowing convenient "universal" access to the con- 
sumer's personal information, i.e., "static identification 
data". Thus, access to the consumer's information is 
only limited by access to standardized devices on com- 
puter networks, such as personal computers, i.e., PC's, 

20 network computers. PDAs, smart telephones and other 
communications devices which are connected to the 
financial institution through the Internet or other network 
connection. More importantly, the present invention 
eliminates the need for consumers to have direct 

25 access to the consumer's own PC, while at the same 
time providing required security and access authoriza- 
tion controls. 

[0016] As noted previously, there is also a need to 
organize and utilize a much broader range of informa- 

30 tion, including personal information. This type of infor- 
mation further includes data that is commonly 
associated with an individual, i.e., the "moderately 
dynamic personal information", and can be accessed by 
specific types of organizations or entities such as doc- 

35 tors, tax preparers, etc. Essentially, this information is 
automatically transferred, upon consumer authoriza- 
tion, to another party in a format that can be used. 
[0017] Finally, it is also desirable to organize demo- 
graphic information, i.e., "dynamic demographic infor- 

40 mation data", from consumers into collections of data 
for evaluation and use by other institutions and individu- 
als. May of these institutions and individuals, which 
include merchants and others engaged in commerce 
and institutions engaged in research, are willing to pay 

45 for access to such information. However, due to privacy 
concerns it is desirable to make demographic informa- 
tion available without disclosing sensitive information 
about individual consumers, such as actual name, phys- 
ical address, e-mail address, telephone number, etc. to 

so a institution. Therefore an inquiring institution, for exam- 
ple a merchant, can come to the institution storing the 
consumer's data, such as a consumer's financial institu- 
tion, and request an information-based (e.g., electronic) 
profile of the kind of consumer to which its products and 

55 services would be suited. Such a profile would typically 
include the number of consumers within the database 
that met certain criteria. The merchant could then 
request that the financial institution deliver information 
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or advertisements of its products or services to individ- 
uals which meet certain criteria. The financial institution 
would then deliver the information or advertisement to 
individual consumers thus preventing direct contact 
between the merchant and the individual. After the con- 
sumer has the opportunity to anonymously review such 
information, the consumer at its own discretion may 
choose to contact the merchant. 
[001 8] A portion of the fee charged by the consumer's 
financial institution for the request and receipt of the 
consumer information may be used to pay the con- 
sumer as an inducement to participate in the transac- 
tion. Accordingly, the consumer is investing information 
for financial and/or non-financial gain. One example of 
non-financial gain might be the receipt of loyalty credits, 
as in the case of airline mileage points. Therefore, the 
consumer is remunerated by the financial institution 
depending on what the business strategy requires. 
[0019] The system of the information bank can thus 
provide, in specific aspects, three types of accounts: a 
courtesy account, a service account, and a value gener- 
ation account. Basic information can be stored in the 
information bank courtesy account and used for auto- 
mated "form filling" services which are useful to the con- 
sumer as an easy means for providing personal 
information to others when and as authorized. This 
service may also include a digital signing service, a dig- 
ital signature verification service, and, for example, 
notary services. 

[0020] The information bank system's service account 
is appropriate for larger amounts of consumer gener- 
ated data which grows steadily over time. The service 
will provide for secure backup and storage, as well as 
for "ubiquitous" and "nomadic" access. Service 
accounts may hold transaction logs, account histories, 
medical records, insurance information, financial 
records, etc. 

[0021 ] As personal computing devices become more 
accessible and "connected" through the Internet and 
other home networks, the requirement for home data 
storage devices may decrease. Since "standard" con- 
sumer software applications such as e-mail and home 
accounting packages have become readily available 
across distributed commercial networks, there is now a 
corresponding need for network based information stor- 
age and safekeeping such as is provided in accordance 
with the invention. One advantage of using networked 
information storage is that consumers will have access 
from many locations, and will not have to carry the infor- 
mation with them when they travel, as do people today. 
The consumer's information can be made securely and 
privately available, for example, through "set top boxes" 
i.e., cable system boxes used on television, and having 
advanced architecture such as RISC based technology, 
in hotel rooms or on terminals in emergency hospitals 
upon authorized demand via smart cards or other simi- 
lar devices. 

[0022] The service account will also provide software 



and data backup/archival services for small office/ home 
office (SOHO) proprietors who prefer not to own stand- 
ard office software applications, and who wish to know 
that their business records and data are securely and 

5 professionally managed. 

[0023] Another feature of the service account is to pro- 
vide third party access to otherwise confidential infor- 
mation in the event of accident, emergency, or death. 
For example, an unconscious accident victim can't pro- 

w vide PIN or biometric access to urgently required medi- 
cal information. Under these or other appropriate 
circumstances, the service makes stored medical infor- 
mation such as patient allergies, medications, medical 
history, etc., available to authorized recipients. This fea- 

75 ture also allows estate executors to access information 
that is required to handle estate matters, for example, 
private keys. 

[0024] Storing data in a self describing meta lan- 
guage, such as XML format, facilitates transfer and use 

so of data by third parties. With proper account owner 
access authorization, the service facilitates access and 
understanding of stored personal information, which 
should reduce the dollar and time cost of services pro- 
vided by third party professional service providers, such 

25 as accountants or physicians. 

[0025] The service account may also include a cryp- 
tographic key escrow and recovery service which pro- 
vides key escrow and recovery service by storing a key 
pair and certificate copy after these are generated by a 

30 browser, or by generating a key pair and certificate and 
storing a copy. The service then provides a replacement 
copy of the key pair and certificate in response to an 
authorized consumer request. 
[0026] The present invention will enable the establish- 

35 ment of a trusted third party service to market demo- 
graphic and other valuable marketing type information 
to manufacturers, distributors, and other marketing con- 
cerns, while protecting an individual's identity. Fuzzy 
logic matching is used to match merchant and con- 

40 sumer, on an anonymous basis so that neither knows 
the identity of the other, and allow consumers to search, 
shop, and negotiate anonymously, with only items that 
match their interests being brought to their attention by 
the service. 

45 [0027] The system information bank may also serve 
as clearing house and mint for value exchange units 
created for use as coupons, tickets, tokens and other 
loyalty schemes. All of units will go through essentially 
the same creating, capture, redemption, and automated 

so clearing functions. The information bank can provide 
services related to the creation and maintenance of loy- 
alty programs. These coupons, tokens, etc. can be 
stored in the information bank and temporarily distrib- 
uted to or tracked by, for example, an electronic wallet. 

55 For purposes of this disclosure an "electronic wallet" is 
a virtual container for the various information and finan- 
cial application a user might want to be mobile. The 
information is generic in nature, and the "wallet" can be 
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made to hold a heterogeneous collection of applications 
that are not necessarily affiliated, or even offered by the 
issuer of the wallet. The applications can be added "ad 
hoc* after issuance of the wallet. Although not required, 
one example of an implementation of the "wallet" is 
through the use of "smart card" technology of the type 
well known to those of ordinary skill in the art. 
[0028] The system of the information bank also pro- 
vides the ability for consumers to specify certain impor- 
tant events of which they wish to be reminded or 
notified. The consumer can also define a notification 
hierarchy or priority, e.g. cell phone, work number, e- 
mail, home number, etc. and the tenacity built into the 
system for notification for each event. 
[0029] The "information bank" also includes the ability 
to provide an anonymous shopping service which 
allows the shopper to span multiple merchant sites and 
shopping services. The information bank intermediates 
the consumer shopping by assigning the consumer a 
different alias for each site in order to make cross corre- 
lation by data scavengers more difficult. Orders to pop- 
ular merchants are consolidated and paid in a lump 
sum. Consumers are billed internally by the information 
bank, so no consumer payment identification informa- 
tion crosses the Internet or is made available to mer- 
chants. Consumers may have goods shipped to a drop 
address from which a third party re-ships the goods to 
the consumer so that the merchant never knows the 
identity of the consumer, and the re-shipper does not 
know shipment contents. 

[0030] The service also provides Internet and point of 
sale identity protection. By substituting the consumer 
account name with a random number every time the 
user's information is sent over the network, the informa- 
tion bank keeps track of the aliases it generates and 
internally routes responses to appropriate parties while 
preserving anonymity. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0031] Having briefly described the invention, it will 
become better understood from the following detailed 
discussion, viewed with reference to the attached draw- 
ings, wherein: 

FIG. 1 presents a general overview of an embodi- 
ment of the present invention; 
FIG. 2 presents a general overview of a use of a 
first specific data store as implemented in the sys- 
tem; 

FIG. 3 presents a general overview of a use of a 
second specific data store as implemented in the 
system; 

FIG. 4 presents another general overview of a use 
of a second specific data store as implemented in 
the system; 

FIG. 5 presents a general overview of how a con- 
sumer inputs information or data into the second 



specific data store of FIGS. 3 or 4; 
FIGS. 6 and 7 present a general overview of alter- 
native ways of how consumers may access the sec- 
ond specific data store, i.e., the service account, in 

s the system; 

FIG. 8 is a detailed overview of the use of a third 
specific data store as implemented in the system, in 
combination with the use of the first and second 
specific data stores; 

10 FIG. 9 is an alternate overview of the use of a third 
specific data store as implemented in the system; 
FIG. 10 is an overview of how certain events trigger 
notification to consumers using the system; 
FIG. 11 shows how the system may be imple- 

is mented to provide consumer information to mer- 
chants on an anonymous basis; 
FIG 12 is a table showing the different types of data 
in the different accounts of the system; 
FIG. 13 is an architectural overview of an electronic 

20 wallet to be used in the system; and 

FIG. 14 illustrates a wallet and application access 
scheme. 

DETAILED DESCRIPTION 

25 

[0032] The information banking system which 
includes a distributed network based electronic wallet 
provides a means for consumers to interface with both 
the information bank and third-party providers of goods. 

30 services or information who are referred to herein as 
merchants. In Figure 1, the consumer 25 is shown 
either interfacing with an information bank 23 and vari- 
ous merchants or service providers 27. This can be 
done by the consumer 25 through a home PC or at a 

35 walk-up kiosk type device which utilizes smart card 
technology, Connection to the information bank 23 can 
be through conventional transmission lines 29 such as 
telephone lines, cable, wireless communication, etc. 
Regardless of the type of user interface chosen, the 

40 consumer communicates through the network 29, to the 
information bank 23 and/or the merchants or service 
provider 27. The network may be a closed network, 
accessible only to the consumer 25, the information 
bank 23 and approved merchants or providers 27, or it 

45 may be a network such as the Internet, where all trans- 
actions are conducted in a secure manner well known in 
the art through appropriate encryption. The information 
bank 23 can be made up of a conventional server with 
appropriate data storage. Within the data storage, sep- 

50 arate files or accounts can be defined as will be readily 
apparent to those of ordinary skill in the art. Communi- 
cations between the server and other users/devices is 
achieved by conventional means such as a telephone 
modem, cable modem or other like established and well 

55 known systems. 

[0033] In Figure 1 there is shown an overview of the 
types of accounts which will be maintained at the infor- 
mation bank 23 and the types of information retrieval 
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which the consumer 25 can control. The consumer's 
authorized information will be either requested by or 
relayed to various merchants or service providers 27 
consisting of associations, hitlers, or financial institu- 
tions with whom the consumer 25 wishes to transact 
business. One type of consumer account is known as a 
courtesy account 31 and holds certain home or per- 
sonal information, such as the name, address, phone 
numbers, e-mail address, birthday, social security 
number, mother's maiden name, spouse's information 
and other familial information which is commonly 
needed to fill out forms or otherwise identify the con- 
sumer to those with whom they do business. This type 
of data is typically known however as "static identifica- 
tion data" as has been described and will become 
clearer further herein. 

[0034] A second type of account is a service account 
33 which is maintained for the benefit of the consumer 
and contains "moderately dynamic personal data" about 
the consumer 25, as well as software programs which 
can be accessed by the consumer 25, and which may 
be accessed or populated by various merchants or 
service providers 27 as authorized by the consumer 25. 
For example, banking accounts, insurance information, 
tax returns, and other consumer data can be stored in 
the service account. This data is characterized by being 
a large amount of data which is dynamic and stored 
over long periods of time. It can be used for functions 
such as bill presentment/payment, relationship man- 
agement, tax preparation, and other purposes as will 
become clearer further herein. 
[0035] Figure 1 also shows a third type of data known 
as "dynamic demographic information data" which is 
kept in a value generation account 25. This file or 
account 35 is provided as a means for the consumer 25 
to define certain demographic data, including a generic 
consumer profile, interests and hobbies, and the types 
of information the consumer would like to receive from 
third parties. This information is stored in the value gen- 
eration account 35. Upon request by a third party mer- 
chant or service provider 27, a profile or aggregate of 
consumer information may be provided to the third paly 
merchant or service provider by the information bank 23 
for a fee. The profile or aggregate of information about 
participating consumers will not provide information 
which identifies individual participating consumers, but 
will rather provide the third party merchant or service 
provider wfth sufficient information to determine if it will 
request that the information bank provide consumers 
with advertisements of its merchandise or services. 
Merchants or service providers 27 will likely agree to 
pay for this aggregate consumer data and for indirect 
access to the consumers whose information is con- 
tained in the data bank because it will enable the mer- 
chant or service provider 27 to direct specific offers to a 
targeted market in an efficient manner. 
[0036] Figure 2 illustrates, one example, of how the 
courtesy account can be used as a form filling service. 



In this figure, there is a three-way relationship between 
the merchant, in this case a doctor 39, the consumer 25 
and the information bank 23. First, the merchant, or in 
this case, a doctor 35 will send a permission request for 

5 information to the consumer 25 through a separate con- 
nection 37 which can be the Internet, a dedicated line, a 
phone call, etc. The consumer 25 will then send a per- 
mission message, including a verifiable signatures, 
back to the doctor 39. The doctor 39 will then forward an 

io information request through, for example, use of com- 
munication device, including a now verifiable permis- 
sion to the information bank 23. The information bank 
23 will verify the permission as being valid for this par- 
ticular consumer 25 before forwarding the consumer's 

75 personal information to the doctor's office 39. The infor- 
mation in this scenario is originally entered by the con- 
sumer 25 directly into the information bank 23. It is also 
expected that a merchant or a service provider, such as 
a doctor, who maintains information about an individual, 

20 such as a history of immunizations, could have such 
information directly transmitted to the information bank 
when the doctor is authorized to do so by his patient. 
This would give the patient/consumer the convenience 
of having the merchant or service provider provide the 

25 Information Bank with a medical history or with update 
information, such as a recent immunization, about the 
patient/consumer without the inconvenience of the 
patient/consumer having to manually forward such infor- 
mation to the Information Bank which would then have 

30 to take the additional step of entering the data. This 
would also save the doctor the cost of storing the 
records. 

[0037] Of course, this type of service is not limited to 
form filling. In a more general sense, the Information 

35 Bank allows the consumer to grant conditional, single 
access or limited access to service providers or mer- 
chants such as tax specialists, loan brokers, financial 
planners, and similar entities, which typically use infor- 
mation provided by a consumer. After retrieving the con- 

40 sumer's information, these entities may generate 
compilations and/or analysis of the consumer's data 
and, for example, prepare a tax return, loan application 
or financial plan for the consumer. The service provider 
could then either return the prepared document to the 

45 consumer or directly file documents such as a tax 
returns if authorized to do so by the consumer. Result- 
ing information might also be incorporated into the con- 
sumer's information stored in the Information Bank for 
future access and/or analysis. 

so [0038] Figure 3 depicts the use of the information 
bank service account 33 to provide a signing service. 
Such a service may be provided where a consumer 25 
requests such a service and provides the service insti- 
tution with adequate authorization, such as a power to 

55 attorney, to provide signatures for the consumer. As 
shown in this diagram, the consumer 25 forwards an 
unsigned document to the information bank 33 where 
cryptographic software 39 which is conventional in 



6 



11 



EP 0 917 119 A2 



12 



nature and well known to those of ordinary skill will be 
used to authenticate the consumer 25 and generate a 
signed document for return to the consumer 25. Also, it 
is expected that the consumer may authorize the infor- 
mation bank to sign certain documents for the con- s 
sumer which have been transmitted to the bank by third 
parties. In such a case, the consumer would review the 
document and instruct the information bank to sign the 
document The information bank could then return the 
document to the consumer or to the third party if 10 
requested by the consumer. 

[0039] Electronic commerce requires certain trust 
components be implemented for signing services. More 
specifically, current digital signing procedures require 
parties in electronic transactions to provide critical trust is 
components such as encryption and non-repudiation 
services. The current public key infrastructure (PKI) 
which is promoted by various vendors involves certifi- 
cate authorities (CA's). For the power of attorney signa- 
ture service described above, the information bank 20 
would provide the required key and certificate authority 
without requiring access to any private verification infor- 
mation or key possessed by a consumer, but would 
instead provide all authentication services through the 
information bank service. The information bank would in 25 
turn require adequate authentication from the individual 
consumer for execution of the signing service. 
[0040] By implementing a digital signing service with 
appropriate software 39, the information bank 23 can be 
used to remedy or eliminate many of the issues related 30 
to registration, certificate issuance, certificate verifica- 
tion and certificate revocation lists (CRLs). This also 
reduces the size of the data transfer required for a veri- 
fied transaction, because a standard certificate includes 
the certificate holder's identity, the certificate serial 35 
number, a certificate holder's expiration dates, a copy of 
the certificate holder's public key, the identity of the CA, 
and the CA's digital signature which is used to confirm 
that the digital certificate was issued by a valid agency. 
[0041] The present invention also provides for digital 40 
signature verification and notary services. This is illus- 
trated in Figure 4. Current PKI solutions require several 
components in order to verify the integrity of a digital 
signature. Besides the document and the signature 
itself, all certificates in the chain to a trusted root and 45 
access to the CRLs for each CA must be available. 
These components are then fed into a software program 
that verifies first, that no certificate was on a CRL at the 
time of signature; second, the integrity of each certifi- 
cate in the chain based on the public key of the next so 
higher certificate in the chain is unquestioned; and third, 
the integrity of the original document. A consumer 25 
wishing to perform this process needs access to this 
software, but they must also trust the software that's 
performing these checks. That is. if the software pro- 55 
vides a valid or invalid signature result, but the software 
is not adequately safeguarded on the consumer's 
machine, then any result provided by this software is 



suspect. 

[0042] Tlie signature verification function offered by 
the present invention provides a simplified and trusted 
method for verifying the integrity of additional signa- 
tures. A consumer 25 is not required to understand the 
intricacies of CRLs and is not forced to load crypto- 
graphic software onto his access device. Instead, the 
consumer 25 just forwards the signature and request to 
the information bank 23, which performs the appropriate 
checks. In this case, the cryptographic software 39 is 
already loaded into the information bank 23, but the 
CRL and root certificate are provided through line 41 to 
the information bank 23 to perform the verification for 
the consumer 25. An alternate function, somewhat 
related to signature verification, is an actual signing 
function. In providing a signing function, the information 
bank 23 accepts an unsigned document and signs it on 
behalf of the consumer 25. Another benefit of offloading 
the signing and verification process to the information 
bank 23 is that is reduces the overhead on the con- 
sumer 25 device. It takes quite some time to generate a 
1024-bit key pair using a browser on a current Pentium 
processor. The information bank 23. however, will be 
running this software on a state-of-the-art machine as 
previously discussed, which is capable of quickly per- 
forming this function. Furthermore, the information bank 
23 will operate in a secured environment which will elim- 
inate any questions related to software integrity, and will 
provide access to all required CRLs and route certifi- 
cates from the appropriate X.500 directory structures 
through connections 41 , many of which are likely to be 
stored in local cache memory. The information bank 23 
also functions as a secured backup and storage facility 
service. 

[0043] As more and more consumers begin to use 
electronic commerce and related electronic bill paying 
services, consumers will need to maintain important 
home records related to these transactions on their own 
PCs. The consumer may soon have access to and 
require safe storage for electronic copies of insurance 
policies and other legal documents. Many consumers 
already create large amounts of data with personal 
financial software, such as those commercially available 
under the names Quicken or Turbo Tax. The secured 
backup and storage service provided by the information 
bank 33 provides the consumer 25 with the capability to 
safely and securely store important documents on serv- 
ers which are professionally managed and reside on 
Information bank 23 hardware. Storage remote from the 
consumers' PC provides a disaster recovery plan and 
mitigates any problems associated with hard disc 
crashes, fire or theft. 

[0044] Figure 5 provides an overview diagram of the 
types of personal financial information which will be res- 
ident on or managed by the information bank's secured 
backup and storage devices. Personal financial informa- 
tion, such as banking, bill presentment, stocks, mutual 
funds, 401 K accounts or IRAs, all collectively identified 
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with the number 43, can be transferred to the informa- 
tion bank through connections 29 under the consumer's 
control. Legal documents such as insurance policies, 
wills, deeds, contracts and other electronic commerce 
documents can also be forwarded to the information 
bank 23 lor secure archival. Electronic artifacts, such as 
coupons, point of sale receipts, tickets, tokens and other 
forms of loyalty credits can be made by the consumer 
25 and tracked in the information bank 23 in a secured 
manner. Important medical records will increasingly be 
created and stored electronically by medical service 
providers, and such records of consumers' allergies, 
medications, past x-rays, diagnoses and doctor's notes 
can be stored by the consumer 25 and securely and 
confidentially saved at the information bank 23 in the 
service account 33 for release only as approved by the 
consumer 25. In the preferred embodiment the con- 
sumer 25 would instruct the third party merchant to for- 
ward this information directly to the information bank 23 
and it would 1hen be stored therein for the consumer. In 
an alternate embodiment, these financial and personal 
documents would be moved from the third party mer- 
chant to the consumer 25 and then forwarded by the 
consumer to the information bank 33.. 
[0045] Another office related service is the virtual 
office provided by the information bank 23. This service 
compliments the storage and secure backup by, for 
example, providing software for students, or for use at 
small offices or home offices. Suites of office software, 
including word processing or spreadsheet programs, 
could be provided for the cost conscious individual who 
has Internet access but does not necessarily have the 
resources to pay for, or the desire to continually update 
and manage, a home office software library. This can be 
provided by the service account 33 and implemented in 
a conventional manner well known to those of ordinarily 
skill in the art. Subscribers to this service would be able 
to execute the software when needed and would never 
have to worry about upgrades or system compatibility, 
which would be managed by the information bank 33 
which transmits the software to the consumer 25 for use 
by the consumer 25 on the consumer's device, e.g., 
home computer. 

[0046] The information bank 23 can be used to coor- 
dinate the consumer 25 information stored in the infor- 
mation bank 23 with third party service providers in 
order to more conveniently allow the consumer 25 to 
use the third party services. For example, the informa- 
tion bank 23 may be used to provide software which will 
facilitate the downloading of certain consumer informa- 
tion to printing services or in case of emergency, to 
medical providers. The information bank 23 may also be 
programmed to release this information to, for example, 
executors of the consumer's estate if previously author- 
ized to do so by the consumer 25. By being able to 
share information generated by various service provid- 
ers, the consumer 25 will find that many previously bur- 
densome tasks are now easily accomplished. In the 



preferred embodiment, this data will be stored in a self- 
describing format, such as the XML protocol for easy 
transfer to and use by various third parties. 
[0047] Both Netscape and Microsoft Corporations 

5 market web browsers which currently provide support 
for generating key pairs. However, if a user is so unfor- 
tunate as to suffer a disc crash or has failed to update 
the browser software, it is possible that a user could 
lose the keys forever. Once this happens, there is no 

10 way to retrieve the information previously encrypted 
with the keys. The information bank 23 may offer a key 
escrow and recovery function as further depicted in Fig- 
ure 6 to protect the consumer 25 against catastrophic 
key losses. In Figure 6 the consumer 25 uses software. 

is such as a browser, which can generate a key pair gen- 
eration request and forward it to the information bank 
23. The information bank 23 then generates a key pair 
and certificate, saves the key pair and certificate, and 
forwards them to the consumer 25 for use. A second 

20 option is shown in Figure 7 in which the consumer 25 
using browser software, generates the key pair and cer- 
tificate and then forwards the key pair and certificate to 
the information bank 23 for archival. If the consumer 25 
ever loses a key pair, the consumer 75 can request and 

25 receive a replacement copy from the information bank 
23. To accomplish all of this, of course, cryptographic 
software 39 is required, the details of which will be read- 
ily apparent to those of ordinary skill in the art. 
[0048] The information bank 23 is configured to gen- 

30 erally facilitate electronic transactions and make the 
consumer's life easier and more convenient. The value 
generation account 35 to be discussed in greater detail 
hereafter, can be used to provide assisted product, 
service, or information searches which not only make 

35 consumers' lives more convenient, but also provide con- 
sumers with some value in return for using the service. 
This value may be in the form of monetary compensa- 
tion or it may be in the form of loyalty credits with pre- 
ferred merchants selected by the consumer 25. This is 

40 an optional service and is completely controlled by the 
consumer 25. The consumer 25 can make their hob- 
bies, personal interest and demographic information 
available, while keeping their identity private. A con- 
sumer profile is compiled by the information bank 23 

45 from both explicit and implicit information. The con- 
sumer 25 is given full control and can specify con- 
straints on information and specifically exclude certain 
information from product, service, or information search 
categories. Merchant offers which satisfy the consumer 

so criteria are forwarded by the information bank 23 to the 
consumer 25. In this system, the merchant will not know 
the identity or address information of the consumer 25, 
nor will the consumer 25 know who the identity of the 
merchant. The information provided must be presented 

55 with a summary demonstrating how it satisfies the orig- 
inal interest of the consumer 25 and may include short 
promotional information. The consumer 25 has the 
opportunity to request more information or request a 
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purchase. Up to this point, the advertising provided from 
the merchant to the consumer 25 has been free to the 
merchant- This allows the merchant to get real time 
demand statistics and other valuable aggregate indica- 
tors of the quality of their offer free of charge. However, 
in order to complete the final transaction, a fee is 
required for the merchant to continue. In this way, these 
advertising dollars are spent by the merchant, knowing 
they are highly correlated to a targeted sales market 
[0049] Figure 8 illustrates such a process where the 
consumer information from the consumer 25 device is 
entered into the information bank value generation 
account (previously numeral 35 in FIG. 1) in the form of 
a profile. In this case, the information bank 23 is shown 
as consisting of an information bank portion 123 con- 
sisting of the courtesy account and service account pre- 
viously discussed. The information bank 23 will also 
include the value generation account module, i.e., 
number 125 herein, an independent consumer advice 
module 127, a transaction module 129 providing, 
matching, brokering, consolidation and accounting 
functions, and a merchant gateway module 131 which 
connects to the merchant 133. In this embodiment, the 
value generation account module 125 takes input from 
the courtesy and service accounts 123 in the form of 
explicit and implicit (mined) data. The consumer 25 pro- 
file is updated from this data and is provided to a mod- 
ule 129 having a matching function running in the 
information bank 23. The matching function also is con- 
nected to receive offers from a merchant gateway mod- 
ule 131 which is connected to the merchant 133. 
Merchant offers which sufficiently match the consumer 
25 prof Bes will be forwarded by the information bank 23 
to the consumer by the module 129 for review. When a 
consumer 25 indicates interest in a particular offer, they 
will issue a request or a buy request back to an informa- 
tion bank consolidator function in module 129, which will 
then forward this to the merchant 133, either individually 
or in bulk with other consumer offers. The merchant 1 33 
will then pay a fee for the brokerage service and por- 
tions of this will be split by the information bank 23 and 
allocated to particular consumer accounts as appropri- 
ate. This function also includes an independent con- 
sumer advisor module 127 which includes data 
available to the consumer 25 for reference, and pro- 
vides background information about various merchant 
offers. 

[0050] The fees paid by a merchant for access to the 
consumer information could also be structured such 
that the fee would increase based upon the type of 
usage by the merchant. For example, a certain fee 
could be assessed for access to view a customer infor- 
mation summary. The fee would then be increased if the 
merchant chose to request that information be provided 
to individual consumers. A further fee increase might be 
levied if a consumer chose to respond or purchase a 
merchants product alter being solicited through the 
information bank. Other tiers of services and fees are 



also contemplated. 

[0051] The information bank 23 may also be pro- 
grammed to provide, for example, a coupon, ticket, 
token and loyalty management program in which the 

5 information bank 23 serves as a mint and clearinghouse 
for units created for use as coupons, tokens, tickets and 
other loyalty schemes. Although exhibiting a wide vari- 
ety of outward appearances, the internals of the mint- 
ing, capture redemption and automatic clearing 

10 functions would work essentially the same. This func- 
tion is valuable to the consumer 25 because of added 
functionality in an electronic wallet (to be described 
hereafter) to keep track of various coupons, tokens and 
ticket acquired by the consumer. 

15 [0052] A coupon and loyalty management program is 
depicted in Figure 9 as including several components of 
the information bank 23. These components include a 
clearinghouse module 139, a retailer gateway Module 
137, a service account Module 123, credit exchange 

20 module 135, a manufacturer gateway Module 141 , and 
interfaces to merchants who can be either retailers 147, 
manufacturers 145 or service providers, such as an 
opera house 149 or ticket issuer 1 43. 
[0053] As further shown in Figure 9, the information 

25 bank manufacturer gateway module 144 can be pro- 
grammed to mint a coupon and issue this via the manu- 
facturer 145 electronically to the consumer 25 who will 
then store the coupon in the information bank service 
account 33 or in an electronic wallet therein. Coupons 

30 may be issued by manufacturer, distributors and/or 
retailers, and tickets may be issued, for example by var- 
ious entertainment and/or educational concerns. 
Tokens are issued by a wide variety of concerns ranging 
from transportation authorities to entertainment estab- 

35 lishment Almost any retailer or business could create a 
loyalty program using tokens. The consumer 25 in 
receipt of a coupon, ticket or token would store these in 
a service account or smart card electronic wallet. When 
the consumer wished to redeem these coupons, they 

40 would forward them to the information bank retailer 
gateway module 137 which presents the coupons to the 
information bank clearinghouse module 139 for settle- 
ment. The information bank manufacturer gateway 
module 1 41 then would issue an appropriate credit back 

45 through the information bank clearinghouse module 
139 to the appropriate retailer 147 in exchange for the 
redeemed coupon. All of these functions can be imple- 
mented routinely by those of ordinary skill in the art 
using existing hardware and software tools and devices 

so once the broad functionality described in detail herein is 
toiown. 

[0054] As shown in FIG. 10 the information bank can 
also provides an important event, notification and 
response function. Such a function serves to allow the 
55 consumer 25 to specify certain events that are impor- 
tant to the consumer 25, Such events could be birth- 
days, stock price movements, loan availability, 
extraordinary bill charges, personal information 
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requests, etc. The consumer 25 can establish a hierar- 
chy for the information bank 23 to locate the consumer 
25. such as trying the consumer cellular phone first, 
then a work number, then e-mail, then a home number. 
When an event occurs that matches a trigger, a event 5 
notification is generated by a monitor program 151 . The 
priority of the event would determine the degree of 
tenacity the service asserts in order to notify and obtain 
notice of verification from the consumer 25. This proc- 
ess is shown in Figure 10, where the consumer 25 sets 
specific event triggers and stores these in the informa- 
tion bank service account 33. The information bank 
then constantly monitors the event notifications with the 
monitor program 151, and when there is a match for a 
trigger event, the information bank 23 provides notice 
back to the consumer 25, based on the notification hier- 
archy previously defined by the consumer. 
[0055] The information bank also provide an anony- 
mous shopping service. This service, as shown in Fig- 
ure 11. allows several components of the information 
bank (such as the service account 33, an anonymizer 
module 153 which assigns an alias to all consumer 
transactions, an order payment consolidator module 
155, a junk e-mail investigator module 157 and a reship- 
per module 1 59 to work together to provide a intermedi- 
ate shopping service which allows the consumer to 
browse certain merchant displays over the Internet with- 
out revealing their identity. The modules and functions 
described are conventional and well known, for exam- 
ple, from such services already available from certain 
web service providers. However, to date, no one has 
integrated the noted functions and modules into a 
coherent functioning system as provided by the present 
invention. 

[0056] The anonymous shopping feature is similar to 
the assisted product, service, and information search, 
but this feature assumes that the discovery and compar- 
ison work has already been done, either through mer- 
chant offers forwarded to the consumer, or by the 
consumer's independent investigation. 
[0057] This feature is more like a "shopping cart" on a 
website or service provider site on the Internet, where 
the shopper can span multiple merchant sites and shop- 
ping sessions and create a consolidated order. The 
information bank 23 serves as an intermediary for the 
consumer 25. The identity of the consumer 25 is 
replaced by an alias that is remembered by the function 
for subsequent reference. A different alias can be used 
for each merchant site, making it difficult for data scav- 
engers to cross-correlate consumer purchases based 
on the alias. Junk e-mail originating from unknown sites 
can be traced to the site selling the address information 
via the alias. 

[0058] This function consolidates orders to popular 
merchants and pays these merchants directly in a lump 
sum. together with a summary of orders and corre- 
sponding ship-to addresses. The consumer 25 is billed 
internally so that their credit card and other identification 



information is never exchanged over the Internet. 
[0059] For an additional shipping fee, the consumer 
has the option of having goods shipped initially to a drop 
box or reshipper address where a third party will take 
the goods and reship them to the consumer 25 at 
his/her stored address. In this manner the merchants 
never know the address or identity of the consumer 25. 
The packages are handled anonymously and a reship- 
ping services does not know package contents. 
[0060] With respect to the types of data stored by the 
information bank 23, as previously discussed, in partic- 
ular with the first data store which is stored on the data 
storage mean, which includes static identification data, 
the second data store stored on the data storage and 
which includes moderately dynamic personal data, and 
the third data store which includes dynamic demo- 
graphic information data, this is more clearly illustrated 
in FIG. 12. The courtesy count as shown in FIG. 12 
includes the static identification data which is personal 
to a use having access to the information bank 23. The 
second data store correspondences to the dynamic per- 
sonal data in the service account, and includes data 
about the user such as billing history, payment history, 
etc. The third data is the demographic data and will be 
stored in the interest bearing account to generate remu- 
neration for the consumer in exchange for allowing use 
of that clata. All of the types of data described have been 
previously discussed and are further expanded and 
illustrated in the table shown in FIG. 12. 
[0061] Turning now to the use of an "electronic wallet" 
as previously described for use in connection with the 
system 21 of the invention, such a typical wallet 171 is 
shown in FIG. 13 which shows a typical architecture for 
such a wallet 171. The concept of an electronic wallet 
means many things to many people. One version would 
be a pocket sized computer with a snap shot-size color 
screen that will be used in place of many essentials that 
consumers carry around with them today such as 
money, keys, identification, credit cards, tickets, as well 
as items that provide the consumer with mobile informa- 
tion and communications such as a watch, newspapers, 
calculator, portable telephone, pager, etc. In this 
embodiment, the wallet 171 is a physical thing that is 
carried in the pocket. Because of its electronic nature, it 
can add functionality that the conventional wallet can 
not perform. However, consumer concerns about this 
type of device make it impractical. Although it is techni- 
cally possible to back up the contents of the electronic 
device, the reality is that consumers would probably be 
at least as irresponsible with such a device as they are 
currently with their own data. Further, to the extent that 
such a wallet interlaces with providers of the wallet or 
others, there is a security concern in that information 
about the consumer could be used by others to make a 
profit and not let the consumer know about it. Thus, 
extension of the physical wallet, especially those offered 
by third party software or hardware vendors make rapid 
adoption unlikely. 
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[0062] At the other end of the spectrum is the totally 
virtual wallet. It is not a physical device, but a set of 
applications on a server somewhere. The major disad- 
vantage of this approach is that all transactions have to 
be "on-line" or connected to a server. This could result 5 
in more expensive and/or less convenient use. Another 
issue is security. 

[0063] A hybrid approach, and that preferred in 
accordance with the system 21 of the invention, is to put 
some data and applications on a physical device and w 
some on a server. A smart card is ideally suited for this 
type of application since it makes the most sense to put 
the security and access functions on the card, and to 
put the volume of data and applications on the server 
such as the information bank 23. Further, those transac- T5 
tions that would be too expensive to have on-line, such 
as small amounts of electronic cash transactions, also 
makes sense to have on a such a smart-card. Thus, as 
shown in FIG. 13, the electronic wallet 171 in one 
embodiment is made up of an e-cash applications con- 20 
tainer 173, an electronic cash application manager 175, 
a use or authentication module 1 77, a key to application 
manager 181, a key ring applications container 183, 
and external applications interoperability API (applica- 
tions program interface) 179, and a user application 25 
organizer and manager 185. 
[0064] The e-cash applications container 173, as the 
name implies, is storage for e-cash applications. In 
order to gain critical mass, more than one type of e-cash 
is supported. The storage in container 1 73 is sufficiently 30 
generic to only record each of its members as being 
some form of e-cash and the actual "object" in the con- 
tainer 173 is a "connector to the real e-cash applica- 
tion. The programming provides that the e-cash 
application can be located and started. The e-cash 3S 
manager 175 is software that provides how to add e- 
cash applications and use them in a generic manner. 
The user authentication module 177 can be replaceable 
to allow lor growth in the security and authentication 
technologies. Prior to implementation of smart cards, it 40 
could be software that asks for an account number and 
personal identification number, but with current technol- 
ogy, it can be implemented using the card and a server, 
using authentication technology implemented today. For 
future purposes, alternative security and authentication 45 
technologies might use biometrics, etc. 
[0065] The key to application manager 181 serves to 
manage non-cash applications in the wallet such as 
credit, debit, e-checks, identification, facilities access 
and other applications. This is the software that main- so 
tains the contents of the key ring application container 
183. The key-ring container 183 holds the connectors to 
server applications. The contents are managed and 
maintained by the key to application manager 181 previ- 
ously described. Even as smart cards become more ss 
commonly available, it is believed that they will not be 
sufficiently large to actually hold the applications. 
Instead, they will hold "connectors" to the applications 



that reside on a server. The most important aspect of a 
"connector" is a key or certificate that helps identify an 
authorized user of the application. The "key ring" then is 
a container of keys. They are not like the "real" keys, 
however, as further illustrated by FIG. 14 hereof. 
[0066] More specifically, FIG. 14 illustrates a wallet 
and application access scheme 201. In this figure, the 
concept of an access device provider, wallet issuer and 
application provider have all been separated. As illus- 
trated in FIG. 14, the consumer 25 can use an access 
device 203 to access their information 205. The access 
device 203 has been provided at point of sale, or point 
of contact by some party. The wallet then uses the 
access device 203 and the access device server 207 
connection to the network to contact the wallet issuer 
server 209. The consumer 25 then identifies the appro- 
priate application by their own description. The descrip- 
tion is associated to a application key proxy 21 1 that is 
sent to the application provider server 213. 
[0067] In the scheme 201 described, the consumer 25 
can access their information via a device 203 provided 
at point of sale, or point of contact by some party. Since 
this party will want some presence other than the device 
203, some "real estate" is set aside in the presentation 
interface for their content. The wallet 171 uses the 
device 203 and the devices server 207 connection to 
the network 201 to contact the wallet issuer server 209. 
The consumer 25, as noted previously, identifies the 
appropriate application by their own description. The 
description is associated to an application key proxy 
211 that is sent to an issuer server 209. The issuer 
server 209 authenticates the user 25 and then looks up 
the location of the application and its real and actual key 
to be used for access to it. It then connects the con- 
sumer 25 to the application at the application server 213 
and serves as a secure conduit. 
[0068] As may be appreciated, proxies are used 
instead of actual keys in case the card is lost or stolen. 
In this manner, the coordination with many unaffiliated 
organizations to issue new keys is eliminated. The 
issuer simply issues a new card with new proxies on the 
card. 

[0069] Such a system as will be readily apparent, can 
be easily implemented in the system of Figures 1-12 to 
provide enhanced functionality and flexibility. 
[0070] Although the invention has been described with 
reference to these preferred embodiments and features, 
other similar embodiments and features can achieve the 
same results. Variations and modifications of the 
present invention will be apparent to one skilled in the 
art and the present disclosure is intended to cover all 
such modifications and equivalents. 

Claims 

1. A system for selective organization, access to and 
use of personal data, comprising: 
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a server, having data storage means for storing 
personal data in three separate and distinct 
data stores; 

a first data store stored on said data storage 
means comprising static identification data s 
which is personal to a user having access 
means for connecting to the server accessing 
and using; 

a second data store stored on said data stor- 
age means company moderately dynamic per- to 
sonal data about the user; and 
a third data store stored on said data storage 
means comprising dynamic demographic infor- 
mation data about the user. 



2. A system according to claim 1 further comprising 
access means for connecting to said server to 
access said first, second and third data stores. 

3. A system according to claim 2 wherein said access 
means comprises a computer terminal connectable 
to said server via a network. 

4. A system according to claim 2 wherein said access 
means comprises an electronic wallet having said 
first data store duplicatively stored therein, portions 
of said second data store and portions of said third 
data store stored therein. 

5. A system according to claim 1 further comprising 
authorizing means for allowing selected users 
access to and use of dynamic personal information 
data in said third data store. 

6. A system according to claim 5 further comprising 
matching means for matching selective dynamic 
personal information data in said third data store 
which is specific to a consumer with selected infor- 
mation provided by said selected users. 

7. A system according to claim 1 further comprising 
means for authenticating and signing documents 
tor a user From data obtained from said second data 
store in communication with a user. 

8. A system according to claim 1 further comprising 
means for matching a user profile obtained from 
said third data store, with a merchant profile, upon 
user request, for transmitting information about the 
merchants products to the user. 

9. A system according to claim 1 wherein said data in 
said third data store is stored in a configuration 
ensuring user anonymity. 

10. A system according to claim 1 wherein said second 
data store includes credited value data for use by a 
user in commercial transaction. 



11. A method of selectively organizing, accessing and 
using personal data comprising: 

storing a first data store made up of data com- 
prising static identification data which is per- 
sonal to a user having access to the first data 
store; 

storing a second data store made up of data 
comprising moderately dynamic personal data 
about the user having access to the second 
data store; and 

storing a second data store made up of data 
comprising dynamic demographic information 
data about the user having access to the third 
data store. 

1 2. A method as in claim 1 further comprising providing 
access by a user to said first data store for using the 
data therein for filling out forms. 

20 

13. A method as in claim 1 further comprising duplicat- 
ing the data in the first data store, and portions of 
the data in the second and third data stores, on an 
electronic wallet. 

25 

14. A method as in claim 1 further comprising making 
data about selected users in the third data store 
available on an anonymous basis to merchants to 
allow merchants to provide information to the users 

30 about merchant products or services that match the 
data provided. 

15. A method as in claim 1 further comprising down- 
loading purchasing credits from said second data 

35 store into an electronic wallet to allow a user to 
engage in commercial transactions with such cred- 
its. 

16. A method as in claim 1 further comprising monitor- 
40 ing certain groups of data in said second data store 

for the occurrence of certain events, and notifying a 
user corresponding to said data of the event. 

17. A method as in claim 16 further comprising access- 
45 ing outside data sources to update data in said sec- 
ond and third data stores on a periodic basis. 

18. A method as in claim 1 further comprising authori- 
zation by a user to allow selected third parties to 

so access data in said second data store. 

19. A method as in claim 18 wherein said third parties 
are doctors. 

55 20. A method as in claim 18 wherein said third parties 
are financial service providers. 

21. A method as in claim 18 wherein said third parties 
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are one of the group consisting of telephone serv- 
ice vendors, power service vendors, and cable tele- 
vision vendors, insurance vendors, and credit card 
providers. 
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Information Banking 



Courtesy Account 


Service Account 


Interest Bearing Account 




OeflnWon: 
A (riA acoonl that consumani 
got a* a courtesy tor being a 
customer. Certain servtes that 
come with It are salso or aUs. 




Deflnticn: i 
A cofisumer payed tor account 
They pay for ton j term, 
guaranteed safe storage: and 
oMernai access by authorized 
people (Dr**, Accntnrs, etc) 


Definition: 
In return lor making certain 
personal types of Information 
available, the consumer Is 
payed e portion of tha receipts 
ol setting <hel daU- No names 
nor address are ever revealed. 


Characterized by: 
Small amount of daia 
ReiaUvery static 
indefinite storage tfme 


Character (zed by? 
Large amount of data 
Dynamic 

Stored over tons periods erf 
time 


Character teed by: 
Demographic data 
Users interests 
User profiles 
User agents 

Exam pros: 
Age. goographic location 
race, religion, professional 
interests, hobby Interests, 
frequent purchase categories, 
expect requests for WormarJon. 
•xcficfi requests for blocking 
categories ol information 


Examples: 

Nam*. AOWass. Phone. 
Social Security #. 
and other oommonty asked tor 
information on forms, 
applications, etc. j 


examples: 

BHiing history, payment history, 
loans, real estate bokShgs. 
stock, bond, fund txjkflgns. 
medfcal records, home web 
pages, ate 


Service Examples: 

Automated form lilting 
Sate Shopping 
GcnoraJ E-Commcrce 


Service Exe*rpti&: 

Bill presentment / toyman! 
Roiattonship management 
Anywhere. Anytime access 
Guaranteed data sale 
Tea preparation 
Emergency information focal 
point 


Service Examples: 

Sofccfled Agent searchs 
Pay to contact unsoBcHed 
Offers 

Market ftasaarch 

Electronic Census 

Profile oriented special otters 



Free to Consumer Consumer pays Consumer gets $$ 
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